"'Recently, our research lab identified a completely new 'financial' Ramnit variant aimed at stealing Facebook login credentials. Since the Ramnit Facebook C&C URL is visible and accessible it was fairly straightforward to detect that over 45,000 Facebook login credentials have been stolen worldwide, mostly from users in the United Kingdom and France,' Seculert said in a blog post analyzing the new variant of Ramnit," writes Threatpost's Dennis Fisher.

"Stealing the Facebook credentials is just one step in the process, though," Fisher writes. "Once those credentials are secured, it seems that the attackers then try to see whether the victims have reused their Facebook passwords on other sites."